Red Hat Bugzilla – Bug 1585866
CRMFPopClient tool - should allow option to do no key archival
Last modified: 2018-10-30 07:08:06 EDT
The tool CRMFPopClient currently requires one to supply needed options to do key archival. One should be allowed to do no key arhival as key archival is an option to CRMF, not a requirement. Note: This is actually a request from our Common Criteria Lab to provide this option to allow for some of their test cases to be performed.
commit 8cf6b5b2ac6da169f1c63341159faebc09580798 (HEAD -> DOGTAG_10_5_BRANCH, origin/DOGTAG_10_5_BRANCH, gerrit/DOGTAG_10_5_BRANCH) Author: Christina Fu <cfu@redhat.com> Date: Mon Jun 4 16:47:57 2018 -0700 Ticket 3033 CRMFPopClient tool - should allow option to do no key archival This patch allows key transport cert file to not be specified, which would then not include key archive option in the CRMF request. fixes https://pagure.io/dogtagpki/issue/3033 Change-Id: Ib8c585c15057684aa049632d8eb67c2827d7e774
for the record, this had to be manually merged dur to conflict: commit 6a95f01f8cde2df77dba0732117df38c7e849b1e (HEAD -> master, origin/master, origin/HEAD, ticket-3033-CRMFPopClient-noArch) Author: Christina Fu <cfu@cfu-fedora.usersys.redhat.com> Date: Fri Jun 8 16:31:06 2018 -0700 Ticket 3033 CRMFPopClient tool - should allow option to do no key archival This patch allows key transport cert file to not be specified, which would then not include key archive option in the CRMF request. fixes https://pagure.io/dogtagpki/issue/3033 Change-Id: I087bfa6700f22c794e7a316f4451b3a9dc800265
My understanding is that if a 7.6 bug was created for the purpose of 7.5z, the information only need to go into its 7.5z clone. So in this case: https://bugzilla.redhat.com/show_bug.cgi?id=1588945
(In reply to Christina Fu from comment #9) > My understanding is that if a 7.6 bug was created for the purpose of 7.5z, > the information only need to go into its 7.5z clone. > So in this case: > https://bugzilla.redhat.com/show_bug.cgi?id=1588945 But should this BZ be mentioned in RHEL 7.6 release notes again? Custumers might have seen this fix already in the 7.5 erratum. On the other side, some developers want to mention some BZs again in later RNs in case that the customer skipped a version. We writers can't decide this. If you set at least the Doc Type, I know if I should copy the text (bug fix/enhancement) or if it should not be repeated (no doc update).
QE Test Verification https://bugzilla.redhat.com/show_bug.cgi?id=1588945#c3
[root@auto-hv-02-guest02 ~]# rpm -qi pki-ca Name : pki-ca Version : 10.5.9 Release : 6.el7 Architecture: noarch Install Date: Mon 17 Sep 2018 09:07:18 AM EDT Group : System Environment/Daemons Size : 2451611 License : GPLv2 Signature : RSA/SHA256, Tue 21 Aug 2018 10:24:33 PM EDT, Key ID 199e2f91fd431d51 Source RPM : pki-core-10.5.9-6.el7.src.rpm Build Date : Tue 21 Aug 2018 09:00:11 PM EDT Build Host : ppc-016.build.eng.bos.redhat.com Relocations : (not relocatable) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> Vendor : Red Hat, Inc. URL : http://pki.fedoraproject.org/ Summary : Certificate System - Certificate Authority Verification steps explained in https://bugzilla.redhat.com/show_bug.cgi?id=1588945#c8
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:3195